Notices

Originally Posted by jmc8501

I've been reading this thread and trying to follow the instructions carefully, but I can't seem to get past step one. When I try to ssh into my computer, I get the response:

/etc/ssh.ssh_config line 50: Unsupported option "GSSAPIAuthentication"
/etc/ssh.ssh_config line 51: Unsupported option "GSSAPIDelegateCredentials"
ssh: connect to host 192.168.2.20 port 2222: No route to host

I have checked with the PFPortChecker that the ports are open(5800 & 5900), and that I edited the CopSSH ssh_config and sshd_config files were edited, uncommenting the port line to "port 2222" to no avail.

Any help will be greatly appreciated!

DMZ
The DMZ feature allows you to specify one computer on your network to be placed outside of the NAT firewall. This may be necessary if the NAT feature is causing problems with an application such as a game or video conferencing application. Use this feature on a temporary basis. The computer in the DMZ is not protected from hacker attacks. To put a computer in the DMZ, enter the last digits of its IP address in the field below and select "Enable". Click "Submit" for the change to take effect.

ssh -L5901:127.0.0.1:5900 155.174.211.137 -lMauricio -p 2222 -v

OpenSSH_5.1p1 Debian-6.maemo2, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
/etc/ssh/ssh_config line 50: Unsupported option "GSSAPIAuthenticati on"
/etc/ssh/ssh_config line 51: Unsupported option "GSSAPIDelegateCred entials"
debug1: Connecting to 155.174.211.137 [155.174.211.137 ] port 2222.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenS SH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6.maemo2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[155.174.211.137 ]:2222' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keybo ard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keybo ard-interactive
debug1: Next authentication method: password
Mauricio@155.174.211.137's password:
debug1: Authentication succeeded (password).
debug1: Local connections to LOCALHOST:5901 forwarded to remote add ress 127.0.0.1:5900
debug1: Local forwarding listening on 127.0.0.1 port 5901.
debug1: channel 0: new [port listener]
socket: Address family not supported by protocol
debug1: channel 1: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US
debug1: Sending env LC_MESSAGES = en_US
Last login: Wed Sep 30 17:42:35 2009 from 155.174.211.137
debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
debug1: client_input_channel_req: channel 1 rtype eow@openssh.com r eply 0
debug1: channel 1: free: client-session, nchannels 2
debug1: channel 0: free: port listener, nchannels 1
Connection to 155.174.211.137 closed.
Transferred: sent 1824, received 2136 bytes, in 0.4 seconds
Bytes per second: sent 4450.4, received 5211.6
debug1: Exit status 1

Originally Posted by JayOnThaBeat

Uhhhhh.....
I'm not really sure what you mean.

Originally Posted by allnameswereout

As for your first question: If we assume your netmask is 255.255.255.0, yes. Some routers have option to still not allow traffic between WLAN and LAN.

As for your second question, short story: try adding -N flag to your SSH command and see what happens.

And the long story: What I meant with that b0rked statement is that, in that case you posted ssh client log, routing and portforwarding works, you are able to send and receive TCP packets to OpenSSH server port 2222. The SSH protocols match, the authentication succeeds... so you get far further than when it is stuck on no route to host.

..but then it immediately logs out. If it executed your port forwarding it'd stay connected until you quit it (or networking problem), and to kill the tunnel you'd use ^C (Ctrl+C). Instead, you get debug1: Exit status 1 (different than 0; 0 means no error), in this case usually problem is 1) login shell doesn't exist 2) or is set to /bin/false (or something similar). Check the OpenSSH's /etc/passwd and see if it is correct set. The -N flag will not execute the remote command and is recommended in situations like these.

@ Jay that reminds me, if you don't want to use OpenSSH to remotely log in to your computer to get a shell but do wish to use only port forwarding (ie. only want to use OpenSSH to run VNC server) you can harden OpenSSH server further. Worth it to discuss or not...?

Originally Posted by jmc8501

As a side note, I tried using the bash shell on my laptop that comes with Copssh, and tried to ssh to a work computer, but it told me:

$ ssh mauricio@[known ip-address]
ssh: connect to host [known ip-address] port 2222: Connection timed out

This "[known ip-address]" is one that I connect to regularly using PuTTY (which I also have installed on my laptop) and it gives me no problems. I'm not sure if this is relevant, of course.